you can now [...] add allowed IPs that should always have access to your account when the correct username, password (and 2FA where applicable) credentials are supplied

What extra level of security/control does it offer over supplying "the correct username, password (and 2FA where applicable) credentials" without any IP selection?

I can understand you may wish to block certain IP addresses even with correct credentials. And, possibly, to allow credential-free access from specific IPs if you value convenience much more than security. But credentials and IP address?

It depends how you use the service as to whether allowing a particular IP address offers additional security or control for your particular situation.

- not everyone uses 2FA, and malware does steal usernames/passwords
- some people always use Runbox from one location and ask if we can allow just that one IP address
- businesses may want to restrict access to work premises only

I hope that helps explain some of the use cases we have been asked to cater for.